nsxt 3.8.1, Apr 30 25

nsxt 3.8.1 published on Wednesday, Apr 30, 2025 by vmware

nsxt.PolicyIpsecVpnSession

Explore with Pulumi AI

nsxt 3.8.1 published on Wednesday, Apr 30, 2025 by vmware

Create PolicyIpsecVpnSession Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new PolicyIpsecVpnSession(name: string, args: PolicyIpsecVpnSessionArgs, opts?: CustomResourceOptions);

@overload
def PolicyIpsecVpnSession(resource_name: str,
                          args: PolicyIpsecVpnSessionArgs,
                          opts: Optional[ResourceOptions] = None)

@overload
def PolicyIpsecVpnSession(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          local_endpoint_path: Optional[str] = None,
                          peer_address: Optional[str] = None,
                          vpn_type: Optional[str] = None,
                          service_path: Optional[str] = None,
                          peer_id: Optional[str] = None,
                          display_name: Optional[str] = None,
                          ike_profile_path: Optional[str] = None,
                          policy_ipsec_vpn_session_id: Optional[str] = None,
                          max_segment_size: Optional[float] = None,
                          ip_addresses: Optional[Sequence[str]] = None,
                          compliance_suite: Optional[str] = None,
                          authentication_mode: Optional[str] = None,
                          enabled: Optional[bool] = None,
                          dpd_profile_path: Optional[str] = None,
                          direction: Optional[str] = None,
                          nsx_id: Optional[str] = None,
                          prefix_length: Optional[float] = None,
                          psk: Optional[str] = None,
                          rules: Optional[Sequence[PolicyIpsecVpnSessionRuleArgs]] = None,
                          description: Optional[str] = None,
                          tags: Optional[Sequence[PolicyIpsecVpnSessionTagArgs]] = None,
                          tunnel_profile_path: Optional[str] = None,
                          connection_initiation_mode: Optional[str] = None)

func NewPolicyIpsecVpnSession(ctx *Context, name string, args PolicyIpsecVpnSessionArgs, opts ...ResourceOption) (*PolicyIpsecVpnSession, error)

public PolicyIpsecVpnSession(string name, PolicyIpsecVpnSessionArgs args, CustomResourceOptions? opts = null)

public PolicyIpsecVpnSession(String name, PolicyIpsecVpnSessionArgs args)
public PolicyIpsecVpnSession(String name, PolicyIpsecVpnSessionArgs args, CustomResourceOptions options)

type: nsxt:PolicyIpsecVpnSession
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PolicyIpsecVpnSessionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PolicyIpsecVpnSessionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PolicyIpsecVpnSessionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PolicyIpsecVpnSessionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PolicyIpsecVpnSessionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var policyIpsecVpnSessionResource = new Nsxt.PolicyIpsecVpnSession("policyIpsecVpnSessionResource", new()
{
    LocalEndpointPath = "string",
    PeerAddress = "string",
    VpnType = "string",
    ServicePath = "string",
    PeerId = "string",
    DisplayName = "string",
    IkeProfilePath = "string",
    PolicyIpsecVpnSessionId = "string",
    MaxSegmentSize = 0,
    IpAddresses = new[]
    {
        "string",
    },
    ComplianceSuite = "string",
    AuthenticationMode = "string",
    Enabled = false,
    DpdProfilePath = "string",
    Direction = "string",
    NsxId = "string",
    PrefixLength = 0,
    Psk = "string",
    Rules = new[]
    {
        new Nsxt.Inputs.PolicyIpsecVpnSessionRuleArgs
        {
            Action = "string",
            Destinations = new[]
            {
                "string",
            },
            NsxId = "string",
            Sources = new[]
            {
                "string",
            },
        },
    },
    Description = "string",
    Tags = new[]
    {
        new Nsxt.Inputs.PolicyIpsecVpnSessionTagArgs
        {
            Scope = "string",
            Tag = "string",
        },
    },
    TunnelProfilePath = "string",
    ConnectionInitiationMode = "string",
});

example, err := nsxt.NewPolicyIpsecVpnSession(ctx, "policyIpsecVpnSessionResource", &nsxt.PolicyIpsecVpnSessionArgs{
	LocalEndpointPath:       pulumi.String("string"),
	PeerAddress:             pulumi.String("string"),
	VpnType:                 pulumi.String("string"),
	ServicePath:             pulumi.String("string"),
	PeerId:                  pulumi.String("string"),
	DisplayName:             pulumi.String("string"),
	IkeProfilePath:          pulumi.String("string"),
	PolicyIpsecVpnSessionId: pulumi.String("string"),
	MaxSegmentSize:          pulumi.Float64(0),
	IpAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	ComplianceSuite:    pulumi.String("string"),
	AuthenticationMode: pulumi.String("string"),
	Enabled:            pulumi.Bool(false),
	DpdProfilePath:     pulumi.String("string"),
	Direction:          pulumi.String("string"),
	NsxId:              pulumi.String("string"),
	PrefixLength:       pulumi.Float64(0),
	Psk:                pulumi.String("string"),
	Rules: nsxt.PolicyIpsecVpnSessionRuleArray{
		&nsxt.PolicyIpsecVpnSessionRuleArgs{
			Action: pulumi.String("string"),
			Destinations: pulumi.StringArray{
				pulumi.String("string"),
			},
			NsxId: pulumi.String("string"),
			Sources: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Description: pulumi.String("string"),
	Tags: nsxt.PolicyIpsecVpnSessionTagArray{
		&nsxt.PolicyIpsecVpnSessionTagArgs{
			Scope: pulumi.String("string"),
			Tag:   pulumi.String("string"),
		},
	},
	TunnelProfilePath:        pulumi.String("string"),
	ConnectionInitiationMode: pulumi.String("string"),
})

var policyIpsecVpnSessionResource = new PolicyIpsecVpnSession("policyIpsecVpnSessionResource", PolicyIpsecVpnSessionArgs.builder()
    .localEndpointPath("string")
    .peerAddress("string")
    .vpnType("string")
    .servicePath("string")
    .peerId("string")
    .displayName("string")
    .ikeProfilePath("string")
    .policyIpsecVpnSessionId("string")
    .maxSegmentSize(0)
    .ipAddresses("string")
    .complianceSuite("string")
    .authenticationMode("string")
    .enabled(false)
    .dpdProfilePath("string")
    .direction("string")
    .nsxId("string")
    .prefixLength(0)
    .psk("string")
    .rules(PolicyIpsecVpnSessionRuleArgs.builder()
        .action("string")
        .destinations("string")
        .nsxId("string")
        .sources("string")
        .build())
    .description("string")
    .tags(PolicyIpsecVpnSessionTagArgs.builder()
        .scope("string")
        .tag("string")
        .build())
    .tunnelProfilePath("string")
    .connectionInitiationMode("string")
    .build());

policy_ipsec_vpn_session_resource = nsxt.PolicyIpsecVpnSession("policyIpsecVpnSessionResource",
    local_endpoint_path="string",
    peer_address="string",
    vpn_type="string",
    service_path="string",
    peer_id="string",
    display_name="string",
    ike_profile_path="string",
    policy_ipsec_vpn_session_id="string",
    max_segment_size=0,
    ip_addresses=["string"],
    compliance_suite="string",
    authentication_mode="string",
    enabled=False,
    dpd_profile_path="string",
    direction="string",
    nsx_id="string",
    prefix_length=0,
    psk="string",
    rules=[{
        "action": "string",
        "destinations": ["string"],
        "nsx_id": "string",
        "sources": ["string"],
    }],
    description="string",
    tags=[{
        "scope": "string",
        "tag": "string",
    }],
    tunnel_profile_path="string",
    connection_initiation_mode="string")

const policyIpsecVpnSessionResource = new nsxt.PolicyIpsecVpnSession("policyIpsecVpnSessionResource", {
    localEndpointPath: "string",
    peerAddress: "string",
    vpnType: "string",
    servicePath: "string",
    peerId: "string",
    displayName: "string",
    ikeProfilePath: "string",
    policyIpsecVpnSessionId: "string",
    maxSegmentSize: 0,
    ipAddresses: ["string"],
    complianceSuite: "string",
    authenticationMode: "string",
    enabled: false,
    dpdProfilePath: "string",
    direction: "string",
    nsxId: "string",
    prefixLength: 0,
    psk: "string",
    rules: [{
        action: "string",
        destinations: ["string"],
        nsxId: "string",
        sources: ["string"],
    }],
    description: "string",
    tags: [{
        scope: "string",
        tag: "string",
    }],
    tunnelProfilePath: "string",
    connectionInitiationMode: "string",
});

type: nsxt:PolicyIpsecVpnSession
properties:
    authenticationMode: string
    complianceSuite: string
    connectionInitiationMode: string
    description: string
    direction: string
    displayName: string
    dpdProfilePath: string
    enabled: false
    ikeProfilePath: string
    ipAddresses:
        - string
    localEndpointPath: string
    maxSegmentSize: 0
    nsxId: string
    peerAddress: string
    peerId: string
    policyIpsecVpnSessionId: string
    prefixLength: 0
    psk: string
    rules:
        - action: string
          destinations:
            - string
          nsxId: string
          sources:
            - string
    servicePath: string
    tags:
        - scope: string
          tag: string
    tunnelProfilePath: string
    vpnType: string

PolicyIpsecVpnSession Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PolicyIpsecVpnSession resource accepts the following input properties:

DisplayName string: Display name of the resource.
LocalEndpointPath string: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
PeerAddress string: Public IPV4 address of the remote device terminating the VPN connection.
PeerId string: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
ServicePath string: The path of the IPSec VPN service for the VPN session.
VpnType string: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.
AuthenticationMode string: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
ComplianceSuite string: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
ConnectionInitiationMode string: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
Description string: Description of the resource.
Direction string: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
DpdProfilePath string: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
Enabled bool: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
IkeProfilePath string: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
IpAddresses List<string>: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
MaxSegmentSize double: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
PolicyIpsecVpnSessionId string: ID of the resource.
PrefixLength double: Subnet Prefix Length. Only applied for Route Based VPN Session.
Psk string: IPSec Pre-shared key. Maximum length of this field is 128 characters.
Rules List<PolicyIpsecVpnSessionRule>: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
Tags List<PolicyIpsecVpnSessionTag>: A list of scope + tag pairs to associate with this resource.
TunnelProfilePath string: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.

DisplayName string: Display name of the resource.
LocalEndpointPath string: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
PeerAddress string: Public IPV4 address of the remote device terminating the VPN connection.
PeerId string: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
ServicePath string: The path of the IPSec VPN service for the VPN session.
VpnType string: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.
AuthenticationMode string: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
ComplianceSuite string: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
ConnectionInitiationMode string: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
Description string: Description of the resource.
Direction string: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
DpdProfilePath string: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
Enabled bool: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
IkeProfilePath string: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
IpAddresses []string: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
MaxSegmentSize float64: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
PolicyIpsecVpnSessionId string: ID of the resource.
PrefixLength float64: Subnet Prefix Length. Only applied for Route Based VPN Session.
Psk string: IPSec Pre-shared key. Maximum length of this field is 128 characters.
Rules []PolicyIpsecVpnSessionRuleArgs: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
Tags []PolicyIpsecVpnSessionTagArgs: A list of scope + tag pairs to associate with this resource.
TunnelProfilePath string: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.

displayName String: Display name of the resource.
localEndpointPath String: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
peerAddress String: Public IPV4 address of the remote device terminating the VPN connection.
peerId String: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
servicePath String: The path of the IPSec VPN service for the VPN session.
vpnType String: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.
authenticationMode String: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
complianceSuite String: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
connectionInitiationMode String: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
description String: Description of the resource.
direction String: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
dpdProfilePath String: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
enabled Boolean: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
ikeProfilePath String: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
ipAddresses List<String>: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
maxSegmentSize Double: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
policyIpsecVpnSessionId String: ID of the resource.
prefixLength Double: Subnet Prefix Length. Only applied for Route Based VPN Session.
psk String: IPSec Pre-shared key. Maximum length of this field is 128 characters.
rules List<PolicyIpsecVpnSessionRule>: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
tags List<PolicyIpsecVpnSessionTag>: A list of scope + tag pairs to associate with this resource.
tunnelProfilePath String: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.

displayName string: Display name of the resource.
localEndpointPath string: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
peerAddress string: Public IPV4 address of the remote device terminating the VPN connection.
peerId string: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
servicePath string: The path of the IPSec VPN service for the VPN session.
vpnType string: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.
authenticationMode string: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
complianceSuite string: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
connectionInitiationMode string: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
description string: Description of the resource.
direction string: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
dpdProfilePath string: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
enabled boolean: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
ikeProfilePath string: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
ipAddresses string[]: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
maxSegmentSize number: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
policyIpsecVpnSessionId string: ID of the resource.
prefixLength number: Subnet Prefix Length. Only applied for Route Based VPN Session.
psk string: IPSec Pre-shared key. Maximum length of this field is 128 characters.
rules PolicyIpsecVpnSessionRule[]: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
tags PolicyIpsecVpnSessionTag[]: A list of scope + tag pairs to associate with this resource.
tunnelProfilePath string: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.

display_name str: Display name of the resource.
local_endpoint_path str: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
peer_address str: Public IPV4 address of the remote device terminating the VPN connection.
peer_id str: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
service_path str: The path of the IPSec VPN service for the VPN session.
vpn_type str: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.
authentication_mode str: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
compliance_suite str: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
connection_initiation_mode str: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
description str: Description of the resource.
direction str: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
dpd_profile_path str: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
enabled bool: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
ike_profile_path str: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
ip_addresses Sequence[str]: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
max_segment_size float: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the resource.
policy_ipsec_vpn_session_id str: ID of the resource.
prefix_length float: Subnet Prefix Length. Only applied for Route Based VPN Session.
psk str: IPSec Pre-shared key. Maximum length of this field is 128 characters.
rules Sequence[PolicyIpsecVpnSessionRuleArgs]: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
tags Sequence[PolicyIpsecVpnSessionTagArgs]: A list of scope + tag pairs to associate with this resource.
tunnel_profile_path str: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.

displayName String: Display name of the resource.
localEndpointPath String: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
peerAddress String: Public IPV4 address of the remote device terminating the VPN connection.
peerId String: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
servicePath String: The path of the IPSec VPN service for the VPN session.
vpnType String: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.
authenticationMode String: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
complianceSuite String: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
connectionInitiationMode String: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
description String: Description of the resource.
direction String: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
dpdProfilePath String: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
enabled Boolean: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
ikeProfilePath String: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
ipAddresses List<String>: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
maxSegmentSize Number: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
policyIpsecVpnSessionId String: ID of the resource.
prefixLength Number: Subnet Prefix Length. Only applied for Route Based VPN Session.
psk String: IPSec Pre-shared key. Maximum length of this field is 128 characters.
rules List<Property Map>: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
tags List<Property Map>: A list of scope + tag pairs to associate with this resource.
tunnelProfilePath String: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyIpsecVpnSession resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Path string: The NSX path of the policy resource.
Revision double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

Id string: The provider-assigned unique ID for this managed resource.
Path string: The NSX path of the policy resource.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id String: The provider-assigned unique ID for this managed resource.
path String: The NSX path of the policy resource.
revision Double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id string: The provider-assigned unique ID for this managed resource.
path string: The NSX path of the policy resource.
revision number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id str: The provider-assigned unique ID for this managed resource.
path str: The NSX path of the policy resource.
revision float: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id String: The provider-assigned unique ID for this managed resource.
path String: The NSX path of the policy resource.
revision Number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

Look up Existing PolicyIpsecVpnSession Resource

Get an existing PolicyIpsecVpnSession resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PolicyIpsecVpnSessionState, opts?: CustomResourceOptions): PolicyIpsecVpnSession

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authentication_mode: Optional[str] = None,
        compliance_suite: Optional[str] = None,
        connection_initiation_mode: Optional[str] = None,
        description: Optional[str] = None,
        direction: Optional[str] = None,
        display_name: Optional[str] = None,
        dpd_profile_path: Optional[str] = None,
        enabled: Optional[bool] = None,
        ike_profile_path: Optional[str] = None,
        ip_addresses: Optional[Sequence[str]] = None,
        local_endpoint_path: Optional[str] = None,
        max_segment_size: Optional[float] = None,
        nsx_id: Optional[str] = None,
        path: Optional[str] = None,
        peer_address: Optional[str] = None,
        peer_id: Optional[str] = None,
        policy_ipsec_vpn_session_id: Optional[str] = None,
        prefix_length: Optional[float] = None,
        psk: Optional[str] = None,
        revision: Optional[float] = None,
        rules: Optional[Sequence[PolicyIpsecVpnSessionRuleArgs]] = None,
        service_path: Optional[str] = None,
        tags: Optional[Sequence[PolicyIpsecVpnSessionTagArgs]] = None,
        tunnel_profile_path: Optional[str] = None,
        vpn_type: Optional[str] = None) -> PolicyIpsecVpnSession

func GetPolicyIpsecVpnSession(ctx *Context, name string, id IDInput, state *PolicyIpsecVpnSessionState, opts ...ResourceOption) (*PolicyIpsecVpnSession, error)

public static PolicyIpsecVpnSession Get(string name, Input<string> id, PolicyIpsecVpnSessionState? state, CustomResourceOptions? opts = null)

public static PolicyIpsecVpnSession get(String name, Output<String> id, PolicyIpsecVpnSessionState state, CustomResourceOptions options)

resources:  _:    type: nsxt:PolicyIpsecVpnSession    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthenticationMode string: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
ComplianceSuite string: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
ConnectionInitiationMode string: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
Description string: Description of the resource.
Direction string: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
DisplayName string: Display name of the resource.
DpdProfilePath string: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
Enabled bool: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
IkeProfilePath string: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
IpAddresses List<string>: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
LocalEndpointPath string: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
MaxSegmentSize double: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
Path string: The NSX path of the policy resource.
PeerAddress string: Public IPV4 address of the remote device terminating the VPN connection.
PeerId string: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
PolicyIpsecVpnSessionId string: ID of the resource.
PrefixLength double: Subnet Prefix Length. Only applied for Route Based VPN Session.
Psk string: IPSec Pre-shared key. Maximum length of this field is 128 characters.
Revision double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
Rules List<PolicyIpsecVpnSessionRule>: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
ServicePath string: The path of the IPSec VPN service for the VPN session.
Tags List<PolicyIpsecVpnSessionTag>: A list of scope + tag pairs to associate with this resource.
TunnelProfilePath string: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
VpnType string: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.

AuthenticationMode string: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
ComplianceSuite string: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
ConnectionInitiationMode string: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
Description string: Description of the resource.
Direction string: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
DisplayName string: Display name of the resource.
DpdProfilePath string: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
Enabled bool: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
IkeProfilePath string: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
IpAddresses []string: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
LocalEndpointPath string: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
MaxSegmentSize float64: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
Path string: The NSX path of the policy resource.
PeerAddress string: Public IPV4 address of the remote device terminating the VPN connection.
PeerId string: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
PolicyIpsecVpnSessionId string: ID of the resource.
PrefixLength float64: Subnet Prefix Length. Only applied for Route Based VPN Session.
Psk string: IPSec Pre-shared key. Maximum length of this field is 128 characters.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
Rules []PolicyIpsecVpnSessionRuleArgs: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
ServicePath string: The path of the IPSec VPN service for the VPN session.
Tags []PolicyIpsecVpnSessionTagArgs: A list of scope + tag pairs to associate with this resource.
TunnelProfilePath string: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
VpnType string: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.

authenticationMode String: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
complianceSuite String: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
connectionInitiationMode String: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
description String: Description of the resource.
direction String: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
displayName String: Display name of the resource.
dpdProfilePath String: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
enabled Boolean: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
ikeProfilePath String: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
ipAddresses List<String>: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
localEndpointPath String: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
maxSegmentSize Double: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
path String: The NSX path of the policy resource.
peerAddress String: Public IPV4 address of the remote device terminating the VPN connection.
peerId String: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
policyIpsecVpnSessionId String: ID of the resource.
prefixLength Double: Subnet Prefix Length. Only applied for Route Based VPN Session.
psk String: IPSec Pre-shared key. Maximum length of this field is 128 characters.
revision Double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules List<PolicyIpsecVpnSessionRule>: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
servicePath String: The path of the IPSec VPN service for the VPN session.
tags List<PolicyIpsecVpnSessionTag>: A list of scope + tag pairs to associate with this resource.
tunnelProfilePath String: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
vpnType String: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.

authenticationMode string: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
complianceSuite string: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
connectionInitiationMode string: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
description string: Description of the resource.
direction string: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
displayName string: Display name of the resource.
dpdProfilePath string: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
enabled boolean: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
ikeProfilePath string: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
ipAddresses string[]: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
localEndpointPath string: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
maxSegmentSize number: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
path string: The NSX path of the policy resource.
peerAddress string: Public IPV4 address of the remote device terminating the VPN connection.
peerId string: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
policyIpsecVpnSessionId string: ID of the resource.
prefixLength number: Subnet Prefix Length. Only applied for Route Based VPN Session.
psk string: IPSec Pre-shared key. Maximum length of this field is 128 characters.
revision number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules PolicyIpsecVpnSessionRule[]: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
servicePath string: The path of the IPSec VPN service for the VPN session.
tags PolicyIpsecVpnSessionTag[]: A list of scope + tag pairs to associate with this resource.
tunnelProfilePath string: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
vpnType string: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.

authentication_mode str: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
compliance_suite str: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
connection_initiation_mode str: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
description str: Description of the resource.
direction str: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
display_name str: Display name of the resource.
dpd_profile_path str: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
enabled bool: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
ike_profile_path str: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
ip_addresses Sequence[str]: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
local_endpoint_path str: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
max_segment_size float: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the resource.
path str: The NSX path of the policy resource.
peer_address str: Public IPV4 address of the remote device terminating the VPN connection.
peer_id str: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
policy_ipsec_vpn_session_id str: ID of the resource.
prefix_length float: Subnet Prefix Length. Only applied for Route Based VPN Session.
psk str: IPSec Pre-shared key. Maximum length of this field is 128 characters.
revision float: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules Sequence[PolicyIpsecVpnSessionRuleArgs]: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
service_path str: The path of the IPSec VPN service for the VPN session.
tags Sequence[PolicyIpsecVpnSessionTagArgs]: A list of scope + tag pairs to associate with this resource.
tunnel_profile_path str: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
vpn_type str: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.

authenticationMode String: Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. If user wants to configure compliance_suite, then the authentication_mode can only be CERTIFICATE.
complianceSuite String: Compliance suite. Value is one of CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, None.
connectionInitiationMode String: Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.
description String: Description of the resource.
direction String: The traffic direction apply to the MSS clamping. Value is one of NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION AND BOTH.
displayName String: Display name of the resource.
dpdProfilePath String: Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.
enabled Boolean: Boolean. Enable/Disable IPsec VPN session. Default is "true" (session enabled).
ikeProfilePath String: Policy path referencing IKE profile. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
ipAddresses List<String>: IP Tunnel interface (commonly referred as VTI) ip_addresses. Only applied for Route Based VPN Session.
localEndpointPath String: Policy path referencing Local endpoint. In VMC, Local Endpoints are pre-configured the user can refer to their path using data nsxt.PolicyIpsecVpnLocalEndpoint and using the "Private IP1" or "Public IP1" values to refer to the private and public endpoints respectively. Note that if authentication_mode is CERTIFICATE, then the local_endpoint must be configured with certificate_path and trust_ca_paths.
maxSegmentSize Number: Maximum amount of data the host will accept in a TCP segment. Value is an int between 108 and 8860. If not specified then the value would be the automatic calculated MSS value.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
path String: The NSX path of the policy resource.
peerAddress String: Public IPV4 address of the remote device terminating the VPN connection.
peerId String: Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.
policyIpsecVpnSessionId String: ID of the resource.
prefixLength Number: Subnet Prefix Length. Only applied for Route Based VPN Session.
psk String: IPSec Pre-shared key. Maximum length of this field is 128 characters.
revision Number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules List<Property Map>: Bypass rules for this IPSec VPN Session. Only applicable to PolicyBased VPN Session.
servicePath String: The path of the IPSec VPN service for the VPN session.
tags List<Property Map>: A list of scope + tag pairs to associate with this resource.
tunnelProfilePath String: Policy path referencing Tunnel profile to be used. Note that if user wants to create session with compliance_suite, then this field should not be configured, the provider will use the default Profile for each compliance suite type.
vpnType String: RouteBased or PolicyBased. Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security association is negotiated for each pair of local and peer subnet. For PolicyBased Session, rule must be specified with sources, destination and action. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN session to remote site. For RouteBased VPN session, ip_addresses and prefix_length must be specified to create the tunnel interface and its subnet.

Supporting Types

PolicyIpsecVpnSessionRule, PolicyIpsecVpnSessionRuleArgs

Action string: PROTECT or BYPASS. Default is PROTECT.
Destinations List<string>: List of distination subnets. Subnet format is ipv4 CIDR.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
Sources List<string>: List of source subnets. Subnet format is ipv4 CIDR.

Action string: PROTECT or BYPASS. Default is PROTECT.
Destinations []string: List of distination subnets. Subnet format is ipv4 CIDR.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
Sources []string: List of source subnets. Subnet format is ipv4 CIDR.

action String: PROTECT or BYPASS. Default is PROTECT.
destinations List<String>: List of distination subnets. Subnet format is ipv4 CIDR.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
sources List<String>: List of source subnets. Subnet format is ipv4 CIDR.

action string: PROTECT or BYPASS. Default is PROTECT.
destinations string[]: List of distination subnets. Subnet format is ipv4 CIDR.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the resource.
sources string[]: List of source subnets. Subnet format is ipv4 CIDR.

action str: PROTECT or BYPASS. Default is PROTECT.
destinations Sequence[str]: List of distination subnets. Subnet format is ipv4 CIDR.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the resource.
sources Sequence[str]: List of source subnets. Subnet format is ipv4 CIDR.

action String: PROTECT or BYPASS. Default is PROTECT.
destinations List<String>: List of distination subnets. Subnet format is ipv4 CIDR.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the resource.
sources List<String>: List of source subnets. Subnet format is ipv4 CIDR.

PolicyIpsecVpnSessionTag, PolicyIpsecVpnSessionTagArgs

Scope string
Tag string: A list of scope + tag pairs to associate with this resource.

Scope string
Tag string: A list of scope + tag pairs to associate with this resource.

scope String
tag String: A list of scope + tag pairs to associate with this resource.

scope string
tag string: A list of scope + tag pairs to associate with this resource.

scope str
tag str: A list of scope + tag pairs to associate with this resource.

scope String
tag String: A list of scope + tag pairs to associate with this resource.

Package Details

Repository: nsxt vmware/terraform-provider-nsxt
License
Notes: This Pulumi package is based on the nsxt Terraform Provider.

nsxt 3.8.1 published on Wednesday, Apr 30, 2025 by vmware

vmware/terraform-provider-nsxt

nsxt.PolicyIpsecVpnSession

On this page

On this page

Create PolicyIpsecVpnSession Resource

Constructor syntax

Parameters

Constructor example

PolicyIpsecVpnSession Resource Properties

Inputs

Outputs

Look up Existing PolicyIpsecVpnSession Resource

Supporting Types

PolicyIpsecVpnSessionRule, PolicyIpsecVpnSessionRuleArgs

PolicyIpsecVpnSessionTag, PolicyIpsecVpnSessionTagArgs

Package Details

On this page

On this page